{"id":71850,"date":"2025-10-16T22:45:34","date_gmt":"2025-10-16T19:15:34","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-62416-bagisto-server-side-template-injection-ssti-in-product-description\/"},"modified":"2025-10-16T22:45:34","modified_gmt":"2025-10-16T19:15:34","slug":"cve-2025-62416-bagisto-server-side-template-injection-ssti-in-product-description","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-62416-bagisto-server-side-template-injection-ssti-in-product-description\/","title":{"rendered":"CVE-2025-62416 &#8211; bagisto &#8211; Server Side Template Injection (SSTI) in Product Description"},"content":{"rendered":"<p>CVE ID : CVE-2025-62416<\/p>\n<p>Published :  Oct. 16, 2025, 7:15 p.m. | 1\u00a0hour, 25\u00a0minutes ago<\/p>\n<p>Description : Bagisto is an open source laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection (SSTI) due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows an attacker with product creation privileges to inject arbitrary template expressions that are evaluated by the backend \u2014 potentially leading to Remote Code Execution (RCE) on the server. This vulnerability is fixed in 2.3.8.<\/p>\n<p>Severity: 5.1 | MEDIUM<\/p>\n<p>Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-62416 Published : Oct. 16, 2025, 7:15 p.m. | 1\u00a0hour, 25\u00a0minutes ago Description : Bagisto is an open source laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection (SSTI) due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows an attacker with &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-71850","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/71850","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=71850"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/71850\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=71850"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=71850"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=71850"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}